UKFast

Secure Remote Access

UKFast offers cloud-based RAS solutions that offer a secure remote connection for Public Sector organisations and their industry partners to connect back to the office networks, applications and data. The range of solutions includes connectivity for OFFICIAL (including SENSITIVE) with 2-factor authentication, protective monitoring and full end-user support.

Features

• OFFICIAL/OFFICIAL-SENSITIVE Remote Access Service via Internet, RLI, PSN or HSCN.
• End-to-end compliance
• Integrates with EMM
• 2-Factor Authentication options available
• Single Sign On for improved User Experience
• Hassle-free VPN setup
• Simple Client installation
• Full End User Support available from Service Desk
• Protective Monitoring and Security reporting (GPG-13)
• Predicatable monthly billing

Benefits

• Available as Cloud Service from existing accredited platforms.
• Options for connectivity to networks including RLI, PSN and HSCN.
• UK Sovereignty guaranteed .
• Software as a Service model reducing infrastructure and maintenance costs.
• Scalable to meet the changing demands.
• In Case of Emergency option available to burst capacity.
• Range of RAS solutions available to meet your specific requirements.
• Support for accreditation and code of connection where needed.
• UK-based, ISO-accredited data centres, fully owned and operated by UKFast.

£15 to £95 a user a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@ukfast.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

129334597735990

Contact

Alberto Stec
0800 923 0601
gcloud@ukfast.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: The provision of the Cloud Software Services includes planned maintenance activities, which are documented within a Service Level Agreement. UKFast works with our customers to ensure that systems are regularly patched and maintained, whilst minimising impact on the user community and business requirements. UKFast works with the customers and the user community of the cloud software to deliver secure and resilient services, balancing the security and functionality that are commensurate with the business requirements
• System requirements: End Point Devices to be approved for OFFICIAL use.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Calls are responded to within 3 rings. Service Ticket response time is dependent on the criticality: 1. Critical - Immediate Response 2. High - Response within 10 minutes 3. Medium - Response within 1 hour 4. Low - Response within 4 hours 5. Very Low - Response within 24 hours. The standard SLA response times are applicable from 09:00 to 17:00 Monday to Friday (excluding UK Bank Holidays). 365/24/7 Support is also available as a service at an additional cost.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: All UKFast customers have access to ticket and telephone-based support, unless they choose to take an unmanaged service. Customers have access to a named Account Manager who takes overall responsibility for the customer's commercial, technical and support relationship with UKFast. Customers are assigned a support "pod" based on the type of solution they have with UKFast. This ensures customers will always be supported by the same core team of support engineers who are technical experts in their particular solution. Enterprise and public sector customers also have access to a named Service Manager in addition to their Account Manager.; ; Standard support is provided 08:00 to 18:00 Monday to Friday and includes 1st line (User support) through to system management, monitoring and administration. Additional support is available to extend the service support to 24/7 at additional cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Full help documentation available at docs.ukfast.co.uk. Onboarding support is provided by our FASTdesk support engineer team along with solutions architects. We offer services to enable seamless on-boarding and collaborate to design a bespoke solution to meet your requirements. An onboarding process would typically include - Discovery process / Timeline setting / Risk assessment / Implementation process / Quality Assurance
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Access is provided for the customer to extract data, or can be undertaken by UKFast at no additional charge, depending on the method of delivery. Data can be provided as an image of the Virtual Machines, as extracted data or specific formats such as database exports. Where data is to be delivered by UKFast, encrypted portable drives can be provided.
• End-of-contract process: UKFast will work with the customer to ensure that the required data, records and audit logs have been extracted and verified before the services are terminated. Data content is then destroyed in accordance with InfoSec Standard 5. The UKFast service support team will assist the customer with communications to the User community about the end of the contract and either the termination or transfer of services. Images of Virtual Machines will be provided to the customer on request to allow the transfer of the services. Where support from UKFast is required beyond the end of the contracted services, for example to support the transition to another provider may incur additional charges.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile Access to the specific software services is supported through the Private Cloud service; the specific support for mobile device access to the software applications varies between the applications.
• Service interface: No
• API: No
• Customisation available: Yes
• Description of customisation: Access to the software services is provided via a web-based portal which performs authentication and authorisation to the cloud software services. This portal can be customised to match customer or project branding or to tie in with the application software user interface. The customisable elements of the software services themselves vary between the applications, but UKFast will apply customisations where they are supported. Other elements of the service, such as the reporting and dashboard can also be customised.

Scaling

• Independence of resources: Resources can be independently allocated to project User communities to ensure resilience of the service and capacity. Capacity of services are monitored, and customers are informed of changes in demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Service usage metrics can be defined by the customer to either be provided as on-demand dashboards and/or periodic reports. Typical usage data includes numbers of users per period, peak usage, average usage, heat-map of usage over time and days of the week, bandwidth consumption, volume of data uploaded/downloaded etc.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The export of data is supported and will vary depending upon the software applications being provided. This can include automated exports to external data repositories or specific data exports on request. Some of the applications also provide User driven data export functions.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Database exports
  • Application specific exports
• Data import formats:
  • CSV
  • ODF
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Each customer is provided with a Service Level Agreement which specifies the availability and response targets. Typical availability is 99.96%, assured by contractual commitment. UKFast offer Service Credits against the guaranteed levels of availability.
• Approach to resilience: Resilience of the service is provided throughout the service provision. The Data Centres are classified as a Tier 3 data centre with alternate supply paths for all services to ensure 100% Data Centre uptime. All redundant systems are regularly tested for operation and effectiveness. N+1 Redundant Power Supplies. The Public Sector Dataroom also has additional power connection allowing the entire room to be independently serviced in the event of a catastrophic failure at the site). Redundant Backup Power from Generators and UPS (N+1). 100% carbon neutral, PAS 2060 certified hosting. Carrier Neutral with a range of Tier 1 and 2 carriers. Multihomed internet presentation, means that if 1 carriers Point of Presence fails communications will automatically failover to another. Redundant (N+1) Air Conditioning and Environmental Control. Environmental systems supported by redundant power systems. DR facilities are also available, with secure connectivity provided to replicate data between the production and DR facilities.
• Outage reporting: Service outages and planned maintenance activities are communicated via the service web-interface status dashboards and messaging, via email alters and the Service Desk team make contact with agree Points of Contact in order to communicate status and ongoing activities.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Separate accounts are required for Administrative Access, with authentication and authorisation controls applied to all Administrative functions. SSH access to the Virtual machines command line, and RDP sessions requires key-based authentication from a specified source location into a bastion host, which then requires further authentication and account escalation at each onward connection to the specific administrative services.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: LRQA
• ISO/IEC 27001 accreditation date: 24/06/2019
• What the ISO/IEC 27001 doesn’t cover: The processes and procedures agreed within the Risk Managed Accreditation Document Set (RMADS) that have been agreed with the Accreditor in compliance with JSP and MoD policies.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Ultima Risk Management
• PCI DSS accreditation date: 29/07/2019
• What the PCI DSS doesn’t cover: Office network not covered as this has no access to client infrastructure.
• Other security certifications: Yes
• Any other security certifications:
  • Formal Accreditation from MoD (DAIS).
  • Cyber Essentials +
  • SOC 2 - System and Organisation Controls
  • ISO 27017:2015 - Information security controls for cloud services
  • ISO 27018:2019 - Protection of PII in public clouds
  • ISO 22301:2020 - Business continuity management systems
  • Police Assured Server Facility (PASF)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Formal Accreditation from DAIS, Cyber Essentials, IASME Governance
• Information security policies and processes: Security policies and procedures form part of the formal system accreditation by DAIS.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Components of the system are recorded and tracked through their lifetime Every change to a configurable item requires a Change Control Form to be documented and approved. Changes are assessed for potential security impact, and where necessary are communicated to the system Accreditor for approval.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability management processes form part of the Risk Managed Accreditation Document Set (RMADS) which have been reviewed and approved by the DAIS Accreditor. UKFast monitor threat sources, including CERT to gain information about potential threats. Vulnerabilities and Remediation activities are assessed to determine the priority, with patches being applied within the hour for critical security issues through to monthly patching for routine updates.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: UKFast employ protective monitoring services in compliance with Protective Monitoring for HMG ICT systems (GPG-13).
• Incident management type: Supplier-defined controls
• Incident management approach: Processes for reporting incidents is included within the Risk Managed Accreditation Document Set (RMADS) which includes HMG monitoring departments and points of contact. Users should report incidents to the first line Service Desk team, either by phone, email or via the web-portal. Incident reports are provided as part of the reporting cycle, with exceptional RCA and incident reports provided for security incidents.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • Health and Social Care Network (HSCN)
  • Other
• Other public sector networks: MoD RLI

Pricing

• Price: £15 to £95 a user a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@ukfast.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.